generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Backport SHA-[224|256|384|512] from HEAD to FIPS.

Browse Source
This commit is contained in:
Andy Polyakov 2005-05-07 17:21:34 +00:00
parent 0649b6f0f2
commit 4b27a9feb3
24 changed files with 1317 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
crypto/evp/c_alld.c
View File

@ -99,5 +99,15 @@ void OpenSSL_add_all_digests(void)
EVP_add_digest(EVP_ripemd160());
EVP_add_digest_alias(SN_ripemd160,"ripemd");
EVP_add_digest_alias(SN_ripemd160,"rmd160");
#endif
#ifdef OPENSSL_FIPS
#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
#endif
#endif
}

14
crypto/evp/evp.h
View File

@ -84,7 +84,11 @@
#include <openssl/md5.h>
#endif
#ifndef OPENSSL_NO_SHA
#ifndef OPENSSL_FIPS
#include <openssl/sha.h>
#else
#include <openssl/fips_sha.h>
#endif
#endif
#ifndef OPENSSL_NO_RIPEMD
#include <openssl/ripemd.h>
@ -128,7 +132,7 @@
#define EVP_CAST5_KEY_SIZE 16
#define EVP_RC5_32_12_16_KEY_SIZE 16
*/
#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
#define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */
#define EVP_MAX_KEY_LENGTH 32
#define EVP_MAX_IV_LENGTH 16
#define EVP_MAX_BLOCK_LENGTH 32
@ -642,6 +646,14 @@ const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
#ifndef OPENSSL_NO_SHA256
const EVP_MD *EVP_sha224(void);
const EVP_MD *EVP_sha256(void);
#endif
#ifndef OPENSSL_NO_SHA512
const EVP_MD *EVP_sha384(void);
const EVP_MD *EVP_sha512(void);
#endif
#endif
#ifndef OPENSSL_NO_MDC2
const EVP_MD *EVP_mdc2(void);

3
crypto/evp/m_sha.c
View File

@ -59,6 +59,9 @@
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
#include <stdio.h>
#include "cryptlib.h"
/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's
* exactly what we want to achieve here... */
#include <openssl/sha.h>
#include <openssl/evp.h>
#include "evp_locl.h"
#include <openssl/objects.h>

119
crypto/evp/m_sha1.c
View File

@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
#ifndef OPENSSL_FIPS
{ return SHA1_Update(ctx->md_data,data,count); }
#else
{
OPENSSL_assert(sizeof(count)<=sizeof(size_t));
return SHA1_Update(ctx->md_data,data,count);
}
#endif
static int final(EVP_MD_CTX *ctx,unsigned char *md)
{ return SHA1_Final(md,ctx->md_data); }
@ -93,3 +100,115 @@ const EVP_MD *EVP_sha1(void)
return(&sha1_md);
}
#endif
#ifdef OPENSSL_FIPS
#ifndef OPENSSL_NO_SHA256
static int init224(EVP_MD_CTX *ctx)
{ return SHA224_Init(ctx->md_data); }
static int init256(EVP_MD_CTX *ctx)
{ return SHA256_Init(ctx->md_data); }
/*
* Even though there're separate SHA224_[Update|Final], we call
* SHA256 functions even in SHA224 context. This is what happens
* there anyway, so we can spare few CPU cycles:-)
*/
static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count)
{
OPENSSL_assert(sizeof(count)<=sizeof(size_t));
return SHA256_Update(ctx->md_data,data,count);
}
static int final256(EVP_MD_CTX *ctx,unsigned char *md)
{ return SHA256_Final(md,ctx->md_data); }
static const EVP_MD sha224_md=
{
NID_sha224,
NID_sha224WithRSAEncryption,
SHA224_DIGEST_LENGTH,
EVP_MD_FLAG_FIPS,
init224,
update256,
final256,
NULL,
NULL,
EVP_PKEY_RSA_method,
SHA256_CBLOCK,
sizeof(EVP_MD *)+sizeof(SHA256_CTX),
};
const EVP_MD *EVP_sha224(void)
{ return(&sha224_md); }
static const EVP_MD sha256_md=
{
NID_sha256,
NID_sha256WithRSAEncryption,
SHA256_DIGEST_LENGTH,
EVP_MD_FLAG_FIPS,
init256,
update256,
final256,
NULL,
NULL,
EVP_PKEY_RSA_method,
SHA256_CBLOCK,
sizeof(EVP_MD *)+sizeof(SHA256_CTX),
};
const EVP_MD *EVP_sha256(void)
{ return(&sha256_md); }
#endif /* ifndef OPENSSL_NO_SHA256 */
#ifndef OPENSSL_NO_SHA512
static int init384(EVP_MD_CTX *ctx)
{ return SHA384_Init(ctx->md_data); }
static int init512(EVP_MD_CTX *ctx)
{ return SHA512_Init(ctx->md_data); }
/* See comment in SHA224/256 section */
static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count)
{
OPENSSL_assert(sizeof(count)<=sizeof(size_t));
return SHA512_Update(ctx->md_data,data,count);
}
static int final512(EVP_MD_CTX *ctx,unsigned char *md)
{ return SHA512_Final(md,ctx->md_data); }
static const EVP_MD sha384_md=
{
NID_sha384,
NID_sha384WithRSAEncryption,
SHA384_DIGEST_LENGTH,
EVP_MD_FLAG_FIPS,
init384,
update512,
final512,
NULL,
NULL,
EVP_PKEY_RSA_method,
SHA512_CBLOCK,
sizeof(EVP_MD *)+sizeof(SHA512_CTX),
};
const EVP_MD *EVP_sha384(void)
{ return(&sha384_md); }
static const EVP_MD sha512_md=
{
NID_sha512,
NID_sha512WithRSAEncryption,
SHA512_DIGEST_LENGTH,
EVP_MD_FLAG_FIPS,
init512,
update512,
final512,
NULL,
NULL,
EVP_PKEY_RSA_method,
SHA512_CBLOCK,
sizeof(EVP_MD *)+sizeof(SHA512_CTX),
};
const EVP_MD *EVP_sha512(void)
{ return(&sha512_md); }
#endif /* ifndef OPENSSL_NO_SHA512 */
#endif /* ifdef OPENSSL_FIPS */

2
crypto/hmac/hmac.h
View File

@ -64,7 +64,7 @@
#include <openssl/evp.h>
#define HMAC_MAX_MD_CBLOCK 64
#define HMAC_MAX_MD_CBLOCK 128
#ifdef __cplusplus
extern "C" {

54
crypto/objects/obj_dat.h
View File

@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
#define NUM_NID 668
#define NUM_SN 660
#define NUM_LN 660
#define NUM_OBJ 624
#define NUM_NID 676
#define NUM_SN 668
#define NUM_LN 668
#define NUM_OBJ 632
static unsigned char lvalues[4500]={
static unsigned char lvalues[4572]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
@ -692,6 +692,14 @@ static unsigned char lvalues[4500]={
0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4475] OBJ_id_ppl_anyLanguage */
0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4483] OBJ_id_ppl_inheritAll */
0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4491] OBJ_Independent */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4499] OBJ_sha256WithRSAEncryption */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4508] OBJ_sha384WithRSAEncryption */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4517] OBJ_sha512WithRSAEncryption */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4526] OBJ_sha224WithRSAEncryption */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4535] OBJ_sha256 */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4544] OBJ_sha384 */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4553] OBJ_sha512 */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4562] OBJ_sha224 */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
@ -1756,6 +1764,18 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
&(lvalues[4483]),0},
{NULL,NULL,NID_undef,0,NULL},
{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4491]),0},
{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
&(lvalues[4499]),0},
{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
&(lvalues[4508]),0},
{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
&(lvalues[4517]),0},
{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
&(lvalues[4526]),0},
{"SHA256","sha256",NID_sha256,9,&(lvalues[4535]),0},
{"SHA384","sha384",NID_sha384,9,&(lvalues[4544]),0},
{"SHA512","sha512",NID_sha512,9,&(lvalues[4553]),0},
{"SHA224","sha224",NID_sha224,9,&(lvalues[4562]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
@ -1881,8 +1901,16 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[42]),/* "RSA-SHA" */
&(nid_objs[65]),/* "RSA-SHA1" */
&(nid_objs[115]),/* "RSA-SHA1-2" */
&(nid_objs[671]),/* "RSA-SHA224" */
&(nid_objs[668]),/* "RSA-SHA256" */
&(nid_objs[669]),/* "RSA-SHA384" */
&(nid_objs[670]),/* "RSA-SHA512" */
&(nid_objs[41]),/* "SHA" */
&(nid_objs[64]),/* "SHA1" */
&(nid_objs[675]),/* "SHA224" */
&(nid_objs[672]),/* "SHA256" */
&(nid_objs[673]),/* "SHA384" */
&(nid_objs[674]),/* "SHA512" */
&(nid_objs[188]),/* "SMIME" */
&(nid_objs[167]),/* "SMIME-CAPS" */
&(nid_objs[100]),/* "SN" */
@ -3059,6 +3087,14 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[64]),/* "sha1" */
&(nid_objs[115]),/* "sha1WithRSA" */
&(nid_objs[65]),/* "sha1WithRSAEncryption" */
&(nid_objs[675]),/* "sha224" */
&(nid_objs[671]),/* "sha224WithRSAEncryption" */
&(nid_objs[672]),/* "sha256" */
&(nid_objs[668]),/* "sha256WithRSAEncryption" */
&(nid_objs[673]),/* "sha384" */
&(nid_objs[669]),/* "sha384WithRSAEncryption" */
&(nid_objs[674]),/* "sha512" */
&(nid_objs[670]),/* "sha512WithRSAEncryption" */
&(nid_objs[42]),/* "shaWithRSAEncryption" */
&(nid_objs[52]),/* "signingTime" */
&(nid_objs[454]),/* "simpleSecurityObject" */
@ -3480,6 +3516,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */
&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */
&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */
&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */
&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */
&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */
&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */
&(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */
&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */
&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */
@ -3544,6 +3584,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[427]),/* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */
&(nid_objs[428]),/* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */
&(nid_objs[429]),/* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */
&(nid_objs[672]),/* OBJ_sha256 2 16 840 1 101 3 4 2 1 */
&(nid_objs[673]),/* OBJ_sha384 2 16 840 1 101 3 4 2 2 */
&(nid_objs[674]),/* OBJ_sha512 2 16 840 1 101 3 4 2 3 */
&(nid_objs[675]),/* OBJ_sha224 2 16 840 1 101 3 4 2 4 */
&(nid_objs[71]),/* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */
&(nid_objs[72]),/* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */
&(nid_objs[73]),/* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */

42
crypto/objects/obj_mac.h
View File

@ -241,6 +241,26 @@
#define NID_sha1WithRSAEncryption 65
#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L
#define SN_sha256WithRSAEncryption "RSA-SHA256"
#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption"
#define NID_sha256WithRSAEncryption 668
#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L
#define SN_sha384WithRSAEncryption "RSA-SHA384"
#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption"
#define NID_sha384WithRSAEncryption 669
#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L
#define SN_sha512WithRSAEncryption "RSA-SHA512"
#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption"
#define NID_sha512WithRSAEncryption 670
#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L
#define SN_sha224WithRSAEncryption "RSA-SHA224"
#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption"
#define NID_sha224WithRSAEncryption 671
#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L
#define SN_pkcs3 "pkcs3"
#define NID_pkcs3 27
#define OBJ_pkcs3 OBJ_pkcs,3L
@ -2081,6 +2101,28 @@
#define LN_des_ede3_cfb8 "des-ede3-cfb8"
#define NID_des_ede3_cfb8 659
#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L
#define SN_sha256 "SHA256"
#define LN_sha256 "sha256"
#define NID_sha256 672
#define OBJ_sha256 OBJ_nist_hashalgs,1L
#define SN_sha384 "SHA384"
#define LN_sha384 "sha384"
#define NID_sha384 673
#define OBJ_sha384 OBJ_nist_hashalgs,2L
#define SN_sha512 "SHA512"
#define LN_sha512 "sha512"
#define NID_sha512 674
#define OBJ_sha512 OBJ_nist_hashalgs,3L
#define SN_sha224 "SHA224"
#define LN_sha224 "sha224"
#define NID_sha224 675
#define OBJ_sha224 OBJ_nist_hashalgs,4L
#define SN_hold_instruction_code "holdInstructionCode"
#define LN_hold_instruction_code "Hold Instruction Code"
#define NID_hold_instruction_code 430

8
crypto/objects/obj_mac.num
View File

@ -665,3 +665,11 @@ id_ppl_anyLanguage 664
id_ppl_inheritAll 665
id_ppl_independent 666
Independent 667
sha256WithRSAEncryption 668
sha384WithRSAEncryption 669
sha512WithRSAEncryption 670
sha224WithRSAEncryption 671
sha256 672
sha384 673
sha512 674
sha224 675

12
crypto/objects/objects.txt
View File

@ -63,6 +63,11 @@ pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
# According to PKCS #1 version 2.1
pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption
pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption
pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption
pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption
pkcs 3 : pkcs3
pkcs3 1 : : dhKeyAgreement
@ -703,6 +708,13 @@ aes 44 : AES-256-CFB : aes-256-cfb
: DES-EDE3-CFB1 : des-ede3-cfb1
: DES-EDE3-CFB8 : des-ede3-cfb8
# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
!Alias nist_hashalgs nistAlgorithms 2
nist_hashalgs 1 : SHA256 : sha256
nist_hashalgs 2 : SHA384 : sha384
nist_hashalgs 3 : SHA512 : sha512
nist_hashalgs 4 : SHA224 : sha224
# Hold instruction CRL entry extension
!Cname hold-instruction-code
id-ce 23 : holdInstructionCode : Hold Instruction Code

2
crypto/sha/sha1_one.c
View File

@ -61,7 +61,7 @@
#include <openssl/sha.h>
#include <openssl/crypto.h>
#ifndef OPENSSL_NO_SHA1
#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS)
unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
{
SHA_CTX c;

2
fips/dsa/fips_dsa_gen.c
View File

@ -82,7 +82,7 @@
#include <openssl/rand.h>
#endif
#ifndef OPENSSL_NO_SHA
#include <openssl/sha.h>
#include <openssl/fips_sha.h>
#endif
#include <openssl/fips.h>
#include <openssl/err.h>

2
fips/dsa/fips_dssvs.c
View File

@ -2,7 +2,7 @@
#include <openssl/dsa.h>
#include <openssl/fips.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/fips_sha.h>
#include <string.h>
int hex2bin(const char *in, unsigned char *out)

17
fips/fipshashes.c
View File

@ -16,18 +16,21 @@ const char * const FIPS_source_hashes[] = {
"HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
"HMAC-SHA1(dh/fips_dh_key.c)= 0b810d411090abd6b676a7ca730c35362fbd04a4",
"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 8bb943c0fd1adf04f6a845f4d1727c5472697e93",
"HMAC-SHA1(dsa/fips_dsa_gen.c)= c252db14699f3ff641db052311da7d7521569c53",
"HMAC-SHA1(dsa/fips_dsa_gen.c)= 78c879484fd849312ca4828b957df3842b70efc0",
"HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
"HMAC-SHA1(rand/fips_rand.c)= 29139e29f56f3ecd99f527af8742d5afb12f409a",
"HMAC-SHA1(rand/fips_rand.h)= bf009ea8963e79b1e414442ede9ae7010a03160b",
"HMAC-SHA1(rsa/fips_rsa_eay.c)= 2596773a7af8f037427217b79f56858296961d66",
"HMAC-SHA1(rsa/fips_rsa_gen.c)= 713d2e0d7a1a682b1794f1224b7afe01272ba755",
"HMAC-SHA1(rsa/fips_rsa_selftest.c)= 8c915b5a4e354dcede93ba08c42858d4dd884e67",
"HMAC-SHA1(sha1/fips_sha1dgst.c)= 867e990149be16fe9e758b916b5ffc9d9fa61afb",
"HMAC-SHA1(sha1/fips_standalone_sha1.c)= 93203c569097189b47a0085bc9fc55193867d4ce",
"HMAC-SHA1(sha1/fips_sha1_selftest.c)= bd5c6ece3ef96237440bb0c51c7cf2bd42d39483",
"HMAC-SHA1(rsa/fips_rsa_selftest.c)= dcd0970a4de2d7f0d2333d6a3efb1ae350209b57",
"HMAC-SHA1(sha1/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
"HMAC-SHA1(sha1/fips_standalone_sha1.c)= faae95bc36cc80f5be6a0cde02ebab0f63d4fd97",
"HMAC-SHA1(sha1/fips_sha1_selftest.c)= e4a50c88af171121f5f84476f33efb7d12c2e917",
"HMAC-SHA1(sha1/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63",
"HMAC-SHA1(sha1/fips_sha_locl.h)= c1b4c82eec5f0ee119658456690f3ea9d77ed1c5",
"HMAC-SHA1(sha1/fips_md32_common.h)= 08a057a7b94acf5df4301ea6c894ce14082e1ec4",
"HMAC-SHA1(sha1/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
"HMAC-SHA1(sha1/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad",
"HMAC-SHA1(sha1/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c",
"HMAC-SHA1(sha1/fips_sha256.c)= 826e768677e67b7c87dfc9e084245b619804d01c",
"HMAC-SHA1(sha1/fips_sha512.c)= 2df9a994290d0f3e6eb621c981bfc4af78a15988",
"HMAC-SHA1(hmac/fips_hmac.c)= a477cec1da76c0092979c4a875b6469339bff7ef",
};

2
fips/rsa/fips_rsa_selftest.c
View File

@ -51,7 +51,7 @@
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
#include <openssl/fips_sha.h>
#include <openssl/opensslconf.h>
#ifdef OPENSSL_FIPS

8
fips/sha1/Makefile
View File

@ -25,12 +25,14 @@ APPS=
EXE= fips_standalone_sha1$(EXE_EXT)
LIB=$(TOP)/libcrypto.a
LIBSRC=fips_sha1dgst.c fips_sha1_selftest.c asm/fips-sx86-elf.s
LIBOBJ=fips_sha1dgst.o fips_sha1_selftest.o $(FIPS_SHA1_ASM_OBJ)
LIBSRC=fips_sha1dgst.c fips_sha1_selftest.c asm/fips-sx86-elf.s \
fips_sha256.c fips_sha512.c
LIBOBJ=fips_sha1dgst.o fips_sha1_selftest.o $(FIPS_SHA1_ASM_OBJ) \
fips_sha256.o fips_sha512.o
SRC= $(LIBSRC) fips_standalone_sha1.c
EXHEADER=
EXHEADER=fips_sha.h
HEADER= $(EXHEADER) fips_sha_locl.h fips_md32_common.h
ALL= $(GENERAL) $(SRC) $(HEADER)

4
fips/sha1/fips_md32_common.h
View File

@ -206,7 +206,7 @@
: "cc"); \
ret; \
})
# elif defined(__powerpc) || defined(__ppc)
# elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
# define ROTATE(a,n) ({ register unsigned int ret; \
asm ( \
"rlwinm %0,%1,%2,0,31" \
@ -393,7 +393,7 @@
* Time for some action:-)
*/
int HASH_UPDATE (HASH_CTX *c, const void *data_, FIPS_SHA_SIZE_T len)
int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
{
const unsigned char *data=data_;
register HASH_LONG * p;

186
fips/sha1/fips_sha.h Normal file
View File

@ -0,0 +1,186 @@
/* fips/sha1/fips_sha.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef HEADER_SHA_H
#define HEADER_SHA_H
#include <openssl/e_os2.h>
#ifdef __cplusplus
extern "C" {
#endif
#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
#error SHA is disabled.
#endif
/*
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
* ! SHA_LONG_LOG2 has to be defined along. !
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*/
#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
#define SHA_LONG unsigned long
#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
#define SHA_LONG unsigned long
#define SHA_LONG_LOG2 3
#else
#define SHA_LONG unsigned int
#endif
#define SHA_LBLOCK 16
#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a
* contiguous array of 32 bit
* wide big-endian values. */
#define SHA_LAST_BLOCK (SHA_CBLOCK-8)
#define SHA_DIGEST_LENGTH 20
typedef struct SHAstate_st
{
SHA_LONG h0,h1,h2,h3,h4;
SHA_LONG Nl,Nh;
SHA_LONG data[SHA_LBLOCK];
unsigned int num;
} SHA_CTX;
#ifndef OPENSSL_NO_SHA1
int SHA1_Init(SHA_CTX *c);
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
int SHA1_Final(unsigned char *md, SHA_CTX *c);
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
#endif
#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a
* contiguous array of 32 bit
* wide big-endian values. */
#define SHA224_DIGEST_LENGTH 28
#define SHA256_DIGEST_LENGTH 32
typedef struct SHA256state_st
{
SHA_LONG h[8];
SHA_LONG Nl,Nh;
SHA_LONG data[SHA_LBLOCK];
unsigned int num,md_len;
} SHA256_CTX;
#ifndef OPENSSL_NO_SHA256
int SHA224_Init(SHA256_CTX *c);
int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA224_Final(unsigned char *md, SHA256_CTX *c);
unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);
int SHA256_Init(SHA256_CTX *c);
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA256_Final(unsigned char *md, SHA256_CTX *c);
unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
#endif
#define SHA384_DIGEST_LENGTH 48
#define SHA512_DIGEST_LENGTH 64
/*
* Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
* being exactly 64-bit wide. See Implementation Notes in sha512.c
* for further details.
*/
#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a
* contiguous array of 64 bit
* wide big-endian values. */
#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
#define SHA_LONG64 unsigned __int64
#define U64(C) C##UI64
#elif defined(__arch64__)
#define SHA_LONG64 unsigned long
#define U64(C) C##UL
#else
#define SHA_LONG64 unsigned long long
#define U64(C) C##ULL
#endif
typedef struct SHA512state_st
{
SHA_LONG64 h[8];
SHA_LONG64 Nl,Nh;
union {
SHA_LONG64 d[SHA_LBLOCK];
unsigned char p[SHA512_CBLOCK];
} u;
unsigned int num,md_len;
} SHA512_CTX;
#ifndef OPENSSL_NO_SHA512
int SHA384_Init(SHA512_CTX *c);
int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA384_Final(unsigned char *md, SHA512_CTX *c);
unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);
int SHA512_Init(SHA512_CTX *c);
int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA512_Final(unsigned char *md, SHA512_CTX *c);
unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);
void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
#endif
#ifdef __cplusplus
}
#endif
#endif

8
fips/sha1/fips_sha1_selftest.c
View File

@ -50,10 +50,10 @@
#include <string.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/sha.h>
#include <openssl/fips_sha.h>
#ifdef OPENSSL_FIPS
static const char * const test[]=
static char *test[]=
{
"",
"abc",
@ -61,7 +61,7 @@ static const char * const test[]=
NULL,
};
static unsigned char ret[][SHA_DIGEST_LENGTH]=
static const unsigned char ret[][SHA_DIGEST_LENGTH]=
{
{ 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
@ -73,7 +73,7 @@ static unsigned char ret[][SHA_DIGEST_LENGTH]=
void FIPS_corrupt_sha1()
{
ret[0][0]++;
test[2][0]++;
}
int FIPS_selftest_sha1()

16
fips/sha1/fips_sha1dgst.c
View File

@ -63,6 +63,7 @@
#include <openssl/opensslv.h>
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#ifdef OPENSSL_FIPS
const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
@ -70,6 +71,21 @@ const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
/* The implementation is in fips_md32_common.h */
#include "fips_sha_locl.h"
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
SHA_CTX c;
static unsigned char m[SHA_DIGEST_LENGTH];
OPENSSL_assert(sizeof(unsigned long)<=sizeof(size_t));
if (md == NULL) md=m;
if (!SHA1_Init(&c))
return NULL;
SHA1_Update(&c,d,n);
SHA1_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c));
return(md);
}
#else /* ndef OPENSSL_FIPS */
static void *dummy=&dummy;

2
fips/sha1/fips_sha1test.c
View File

@ -3,7 +3,7 @@
#include <ctype.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/sha.h>
#include <openssl/fips_sha.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#ifdef FLAT_INC

320
fips/sha1/fips_sha256.c Normal file
View File

@ -0,0 +1,320 @@
/* crypto/sha/sha256.c */
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved
* according to the OpenSSL license [found in ../../LICENSE].
* ====================================================================
*/
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#include <openssl/fips_sha.h>
#include <openssl/fips.h>
#include <openssl/opensslv.h>
const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
int SHA224_Init (SHA256_CTX *c)
{
c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL;
c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL;
c->Nl=0; c->Nh=0;
c->num=0; c->md_len=SHA224_DIGEST_LENGTH;
return 1;
}
int SHA256_Init (SHA256_CTX *c)
{
c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL;
c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL;
c->Nl=0; c->Nh=0;
c->num=0; c->md_len=SHA256_DIGEST_LENGTH;
return 1;
}
unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
{
SHA256_CTX c;
static unsigned char m[SHA224_DIGEST_LENGTH];
if (md == NULL) md=m;
SHA224_Init(&c);
SHA256_Update(&c,d,n);
SHA256_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c));
return(md);
}
unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
{
SHA256_CTX c;
static unsigned char m[SHA256_DIGEST_LENGTH];
if (md == NULL) md=m;
SHA256_Init(&c);
SHA256_Update(&c,d,n);
SHA256_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c));
return(md);
}
int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
{ return SHA256_Update (c,data,len); }
int SHA224_Final (unsigned char *md, SHA256_CTX *c)
{ return SHA256_Final (md,c); }
#ifndef SHA_LONG_LOG2
#define SHA_LONG_LOG2 2 /* default to 32 bits */
#endif
#define DATA_ORDER_IS_BIG_ENDIAN
#define HASH_LONG SHA_LONG
#define HASH_LONG_LOG2 SHA_LONG_LOG2
#define HASH_CTX SHA256_CTX
#define HASH_CBLOCK SHA_CBLOCK
#define HASH_LBLOCK SHA_LBLOCK
/*
* Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
* default: case below covers for it. It's not clear however if it's
* permitted to truncate to amount of bytes not divisible by 4. I bet not,
* but if it is, then default: case shall be extended. For reference.
* Idea behind separate cases for pre-defined lenghts is to let the
* compiler decide if it's appropriate to unroll small loops.
*/
#define HASH_MAKE_STRING(c,s) do { \
unsigned long ll; \
unsigned int n; \
switch ((c)->md_len) \
{ case SHA224_DIGEST_LENGTH: \
for (n=0;n<SHA224_DIGEST_LENGTH/4;n++) \
{ ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
break; \
case SHA256_DIGEST_LENGTH: \
for (n=0;n<SHA256_DIGEST_LENGTH/4;n++) \
{ ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
break; \
default: \
if ((c)->md_len > SHA256_DIGEST_LENGTH) \
return 0; \
for (n=0;n<(c)->md_len/4;n++) \
{ ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
break; \
} \
} while (0)
#define HASH_UPDATE SHA256_Update
#define HASH_TRANSFORM SHA256_Transform
#define HASH_FINAL SHA256_Final
#define HASH_BLOCK_HOST_ORDER sha256_block_host_order
#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num);
void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
#include "fips_md32_common.h"
#ifdef SHA256_ASM
void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host);
#else
static const SHA_LONG K256[64] = {
0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,
0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,
0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,
0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,
0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,
0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,
0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,
0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,
0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,
0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,
0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,
0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,
0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,
0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };
/*
* FIPS specification refers to right rotations, while our ROTATE macro
* is left one. This is why you might notice that rotation coefficients
* differ from those observed in FIPS document by 32-N...
*/
#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#ifdef OPENSSL_SMALL_FOOTPRINT
static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
{
unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
SHA_LONG X[16];
int i;
const unsigned char *data=in;
while (num--) {
a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
if (host)
{
const SHA_LONG *W=(const SHA_LONG *)data;
for (i=0;i<16;i++)
{
T1 = X[i] = W[i];
T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
T2 = Sigma0(a) + Maj(a,b,c);
h = g; g = f; f = e; e = d + T1;
d = c; c = b; b = a; a = T1 + T2;
}
data += SHA256_CBLOCK;
}
else
{
SHA_LONG l;
for (i=0;i<16;i++)
{
HOST_c2l(data,l); T1 = X[i] = l;
T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
T2 = Sigma0(a) + Maj(a,b,c);
h = g; g = f; f = e; e = d + T1;
d = c; c = b; b = a; a = T1 + T2;
}
}
for (;i<64;i++)
{
s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
T2 = Sigma0(a) + Maj(a,b,c);
h = g; g = f; f = e; e = d + T1;
d = c; c = b; b = a; a = T1 + T2;
}
ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
}
}
#else
#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
h = Sigma0(a) + Maj(a,b,c); \
d += T1; h += T1; } while (0)
#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
{
unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
SHA_LONG X[16];
int i;
const unsigned char *data=in;
while (num--) {
a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
if (host)
{
const SHA_LONG *W=(const SHA_LONG *)data;
T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
data += SHA256_CBLOCK;
}
else
{
SHA_LONG l;
HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h);
HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g);
HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f);
HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e);
HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d);
HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c);
HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b);
HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a);
HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h);
HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g);
HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);
HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);
HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);
HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);
HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);
HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);
}
for (i=16;i<64;i+=8)
{
ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);
ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);
ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);
ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);
ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);
ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);
ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);
ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
}
ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
}
}
#endif
#endif /* SHA256_ASM */
/*
* Idea is to trade couple of cycles for some space. On IA-32 we save
* about 4K in "big footprint" case. In "small footprint" case any gain
* is appreciated:-)
*/
void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
{ sha256_block (ctx,in,num,1); }
void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
{ sha256_block (ctx,in,num,0); }
#endif /* OPENSSL_NO_SHA256 */

498
fips/sha1/fips_sha512.c Normal file
View File

@ -0,0 +1,498 @@
/* crypto/sha/sha512.c */
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved
* according to the OpenSSL license [found in ../../LICENSE].
* ====================================================================
*/
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
/*
* IMPLEMENTATION NOTES.
*
* As you might have noticed 32-bit hash algorithms:
*
* - permit SHA_LONG to be wider than 32-bit (case on CRAY);
* - optimized versions implement two transform functions: one operating
* on [aligned] data in host byte order and one - on data in input
* stream byte order;
* - share common byte-order neutral collector and padding function
* implementations, ../md32_common.h;
*
* Neither of the above applies to this SHA-512 implementations. Reasons
* [in reverse order] are:
*
* - it's the only 64-bit hash algorithm for the moment of this writing,
* there is no need for common collector/padding implementation [yet];
* - by supporting only one transform function [which operates on
* *aligned* data in input stream byte order, big-endian in this case]
* we minimize burden of maintenance in two ways: a) collector/padding
* function is simpler; b) only one transform function to stare at;
* - SHA_LONG64 is required to be exactly 64-bit in order to be able to
* apply a number of optimizations to mitigate potential performance
* penalties caused by previous design decision;
*
* Caveat lector.
*
* Implementation relies on the fact that "long long" is 64-bit on
* both 32- and 64-bit platforms. If some compiler vendor comes up
* with 128-bit long long, adjustment to sha.h would be required.
* As this implementation relies on 64-bit integer type, it's totally
* inappropriate for platforms which don't support it, most notably
* 16-bit platforms.
* <appro@fy.chalmers.se>
*/
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#include <openssl/fips_sha.h>
#include <openssl/fips.h>
#include <openssl/opensslv.h>
const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64)
#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
#endif
int SHA384_Init (SHA512_CTX *c)
{
c->h[0]=U64(0xcbbb9d5dc1059ed8);
c->h[1]=U64(0x629a292a367cd507);
c->h[2]=U64(0x9159015a3070dd17);
c->h[3]=U64(0x152fecd8f70e5939);
c->h[4]=U64(0x67332667ffc00b31);
c->h[5]=U64(0x8eb44a8768581511);
c->h[6]=U64(0xdb0c2e0d64f98fa7);
c->h[7]=U64(0x47b5481dbefa4fa4);
c->Nl=0; c->Nh=0;
c->num=0; c->md_len=SHA384_DIGEST_LENGTH;
return 1;
}
int SHA512_Init (SHA512_CTX *c)
{
c->h[0]=U64(0x6a09e667f3bcc908);
c->h[1]=U64(0xbb67ae8584caa73b);
c->h[2]=U64(0x3c6ef372fe94f82b);
c->h[3]=U64(0xa54ff53a5f1d36f1);
c->h[4]=U64(0x510e527fade682d1);
c->h[5]=U64(0x9b05688c2b3e6c1f);
c->h[6]=U64(0x1f83d9abfb41bd6b);
c->h[7]=U64(0x5be0cd19137e2179);
c->Nl=0; c->Nh=0;
c->num=0; c->md_len=SHA512_DIGEST_LENGTH;
return 1;
}
#ifndef SHA512_ASM
static
#endif
void sha512_block (SHA512_CTX *ctx, const void *in, size_t num);
int SHA512_Final (unsigned char *md, SHA512_CTX *c)
{
unsigned char *p=(unsigned char *)c->u.p;
size_t n=c->num;
p[n]=0x80; /* There always is a room for one */
n++;
if (n > (sizeof(c->u)-16))
memset (p+n,0,sizeof(c->u)-n), n=0,
sha512_block (c,p,1);
memset (p+n,0,sizeof(c->u)-16-n);
#ifdef B_ENDIAN
c->u.d[SHA_LBLOCK-2] = c->Nh;
c->u.d[SHA_LBLOCK-1] = c->Nl;
#else
p[sizeof(c->u)-1] = (unsigned char)(c->Nl);
p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8);
p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16);
p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24);
p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32);
p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40);
p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48);
p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56);
p[sizeof(c->u)-9] = (unsigned char)(c->Nh);
p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8);
p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16);
p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24);
p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32);
p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40);
p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48);
p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);
#endif
sha512_block (c,p,1);
if (md==0) return 0;
switch (c->md_len)
{
/* Let compiler decide if it's appropriate to unroll... */
case SHA384_DIGEST_LENGTH:
for (n=0;n<SHA384_DIGEST_LENGTH/8;n++)
{
SHA_LONG64 t = c->h[n];
*(md++) = (unsigned char)(t>>56);
*(md++) = (unsigned char)(t>>48);
*(md++) = (unsigned char)(t>>40);
*(md++) = (unsigned char)(t>>32);
*(md++) = (unsigned char)(t>>24);
*(md++) = (unsigned char)(t>>16);
*(md++) = (unsigned char)(t>>8);
*(md++) = (unsigned char)(t);
}
break;
case SHA512_DIGEST_LENGTH:
for (n=0;n<SHA512_DIGEST_LENGTH/8;n++)
{
SHA_LONG64 t = c->h[n];
*(md++) = (unsigned char)(t>>56);
*(md++) = (unsigned char)(t>>48);
*(md++) = (unsigned char)(t>>40);
*(md++) = (unsigned char)(t>>32);
*(md++) = (unsigned char)(t>>24);
*(md++) = (unsigned char)(t>>16);
*(md++) = (unsigned char)(t>>8);
*(md++) = (unsigned char)(t);
}
break;
/* ... as well as make sure md_len is not abused. */
default: return 0;
}
return 1;
}
int SHA384_Final (unsigned char *md,SHA512_CTX *c)
{ return SHA512_Final (md,c); }
int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
{
SHA_LONG64 l;
unsigned char *p=c->u.p;
const unsigned char *data=(const unsigned char *)_data;
if(FIPS_selftest_failed())
return 0;
if (len==0) return 1;
l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
if (l < c->Nl) c->Nh++;
if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61);
c->Nl=l;
if (c->num != 0)
{
size_t n = sizeof(c->u) - c->num;
if (len < n)
{
memcpy (p+c->num,data,len), c->num += len;
return 1;
}
else {
memcpy (p+c->num,data,n), c->num = 0;
len-=n, data+=n;
sha512_block (c,p,1);
}
}
if (len >= sizeof(c->u))
{
#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
if ((size_t)data%sizeof(c->u.d[0]) != 0)
while (len >= sizeof(c->u))
memcpy (p,data,sizeof(c->u)),
sha512_block (c,p,1),
len -= sizeof(c->u),
data += sizeof(c->u);
else
#endif
sha512_block (c,data,len/sizeof(c->u)),
data += len,
len %= sizeof(c->u),
data -= len;
}
if (len != 0) memcpy (p,data,len), c->num = (int)len;
return 1;
}
int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
{ return SHA512_Update (c,data,len); }
void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
{ sha512_block (c,data,1); }
unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
{
SHA512_CTX c;
static unsigned char m[SHA384_DIGEST_LENGTH];
if (md == NULL) md=m;
SHA384_Init(&c);
SHA512_Update(&c,d,n);
SHA512_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c));
return(md);
}
unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
{
SHA512_CTX c;
static unsigned char m[SHA512_DIGEST_LENGTH];
if (md == NULL) md=m;
SHA512_Init(&c);
SHA512_Update(&c,d,n);
SHA512_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c));
return(md);
}
#ifndef SHA512_ASM
static const SHA_LONG64 K512[80] = {
U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
#ifndef PEDANTIC
# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
# if defined(__x86_64) || defined(__x86_64__)
# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
asm ("bswapq %0" \
: "=r"(ret) \
: "0"(ret)); ret; })
# endif
# endif
#endif
#ifndef PULL64
#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
#endif
#ifndef PEDANTIC
# if defined(_MSC_VER)
# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
# define ROTR(a,n) _rotr64((a),n)
# endif
# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
# if defined(__x86_64) || defined(__x86_64__)
# define ROTR(a,n) ({ unsigned long ret; \
asm ("rorq %1,%0" \
: "=r"(ret) \
: "J"(n),"0"(a) \
: "cc"); ret; })
# elif defined(_ARCH_PPC) && defined(__64BIT__)
# define ROTR(a,n) ({ unsigned long ret; \
asm ("rotrdi %0,%1,%2" \
: "=r"(ret) \
: "r"(a),"K"(n)); ret; })
# endif
# endif
#endif
#ifndef ROTR
#define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
#endif
#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
#define GO_FOR_SSE2(ctx,in,num) do { \
void sha512_block_sse2(void *,const void *,size_t); \
if (!(OPENSSL_ia32cap_P & (1<<26))) break; \
sha512_block_sse2(ctx->h,in,num); return; \
} while (0)
#endif
#ifdef OPENSSL_SMALL_FOOTPRINT
static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
{
const SHA_LONG64 *W=in;
SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2;
SHA_LONG64 X[16];
int i;
#ifdef GO_FOR_SSE2
GO_FOR_SSE2(ctx,in,num);
#endif
while (num--) {
a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
for (i=0;i<16;i++)
{
#ifdef B_ENDIAN
T1 = X[i] = W[i];
#else
T1 = X[i] = PULL64(W[i]);
#endif
T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
T2 = Sigma0(a) + Maj(a,b,c);
h = g; g = f; f = e; e = d + T1;
d = c; c = b; b = a; a = T1 + T2;
}
for (;i<80;i++)
{
s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
T2 = Sigma0(a) + Maj(a,b,c);
h = g; g = f; f = e; e = d + T1;
d = c; c = b; b = a; a = T1 + T2;
}
ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
W+=SHA_LBLOCK;
}
}
#else
#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \
h = Sigma0(a) + Maj(a,b,c); \
d += T1; h += T1; } while (0)
#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \
s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
{
const SHA_LONG64 *W=in;
SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1;
SHA_LONG64 X[16];
int i;
#ifdef GO_FOR_SSE2
GO_FOR_SSE2(ctx,in,num);
#endif
while (num--) {
a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
#ifdef B_ENDIAN
T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
#else
T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h);
T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g);
T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f);
T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e);
T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d);
T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c);
T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b);
T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a);
T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h);
T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g);
T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f);
T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e);
T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d);
T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c);
T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b);
T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a);
#endif
for (i=16;i<80;i+=8)
{
ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
}
ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
W+=SHA_LBLOCK;
}
}
#endif
#endif /* SHA512_ASM */
#endif /* OPENSSL_NO_SHA512 */

17
fips/sha1/fips_sha_locl.h
View File

@ -60,7 +60,7 @@
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/sha.h>
#include <openssl/fips_sha.h>
#include <openssl/fips.h>
#ifndef SHA_LONG_LOG2
@ -93,8 +93,8 @@
# define HASH_BLOCK_DATA_ORDER sha_block_data_order
# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id))
void sha_block_host_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
void sha_block_data_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
void sha_block_host_order (SHA_CTX *c, const void *p,size_t num);
void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
#elif defined(SHA_1)
@ -124,8 +124,8 @@
# define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order
# endif
# endif
void sha1_block_host_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
void sha1_block_data_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num);
void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
#else
# error "Either SHA_0 or SHA_1 must be defined."
@ -141,6 +141,9 @@
int HASH_INIT (SHA_CTX *c)
{
/* This assert denotes binary compatibility in 0.9.7 context
and commonly optimized away by compiler. */
OPENSSL_assert(sizeof(unsigned long)<=sizeof(size_t));
c->h0=INIT_DATA_h0;
c->h1=INIT_DATA_h1;
c->h2=INIT_DATA_h2;
@ -222,7 +225,7 @@ int HASH_INIT (SHA_CTX *c)
#endif
#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, FIPS_SHA_SIZE_T num)
void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)
{
const SHA_LONG *W=d;
register unsigned MD32_REG_T A,B,C,D,E,T;
@ -350,7 +353,7 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, FIPS_SHA_SIZE_T num)
#endif
#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, FIPS_SHA_SIZE_T num)
void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
{
const unsigned char *data=p;
register unsigned MD32_REG_T A,B,C,D,E,T,l;

7
fips/sha1/fips_standalone_sha1.c
View File

@ -47,14 +47,15 @@
*
*/
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openssl/opensslconf.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/fips_sha.h>
#include <openssl/hmac.h>
int FIPS_selftest_failed() { return 0; }
void OPENSSL_cleanse(void *p,size_t len) {}
#ifdef OPENSSL_FIPS